|
7/11/2011 9:19:42 PM
|
bbloom
Posts 1548
|
I have uncovered a HUGE HUGE issue with the login of the NWN2 Bioware system being down. You can login as another player just by using their login name. In essence any player anywhere can Hijack your account and play or steal from any of your characters. We have just implemented a check against the last CDKey you logged in with. We update it on every login. Thank God we do! So when you login your current CD Key will be compared to the one that you logged in with last. If it does not match, you will be booted within 5 seconds and the attempt will be logged.
If you have more than one copy of NWN2 you will get booted if you play your account on the other copy. Nothing I can do about that. It is a necessary precaution, since we will not be able to do our best to secure your hard work and effort of time and otherwise if we do not take this action.
If you cannot login, and you have been using the same PC, then your account has been hi-jacked. We record the CD Key of the most recent login under that account. I have the database backed up and pull your CD Key from it and restore it to its proper owner, if this is the case. You will need to PM me on this forum.
I am letting other PW runners know now, well at least the ones that actually acknowledge our existence. HEH
edited by bbloom on 7/11/2011
--
Brian S. Bloom
Realms of Trinity Executive Producer
Neverwinter Nights Podcast Host
Area Developer & Scripter
 
|
|
7/11/2011 10:43:27 PM
|
Pyrotics
Posts 317
|
Oh wow, excellent precaution there. I always wondered what that whole authentication process was about...
Pyrotics
--
Drank the O family Kool-Aid.
Primary Toons:
Etoiles (CLICK HERE)
Zap Calenia
Argo Paltesh
|
|
7/12/2011 9:09:40 AM
|
Ladderjack
Posts 73
|
Some questions:
Is there a means by which to play on Realms of Trinity without BioWare authentication?
Does this anti-hijacking precaution mean that the NWN2 client we log in from must be installed with the same CD key as the one we had most recently logged in with prior to you implementing the precaution?
Has BioWare given any recognition to the issue or indicated if/when this will be addressed?
How was this security issue discovered?
Is there a rollback plan available in the case that a character/account gets hijacked?
Thanks.
|
|
7/12/2011 9:14:37 AM
|
bbloom
Posts 1548
|
Is there a means by which to play on Realms of Trinity without BioWare authentication?
No, you have to put in your username and ( any password now - LOL ) That's the only way that our server knows that its you to give you your characters. Nothing changes as far as connecting to ROT. We handled the issue.
Does this anti-hijacking precaution mean that the NWN2 client we log in from must be installed with the same CD key as the one we had most recently logged in with prior to you implementing the precaution?
Yes
Has BioWare given any recognition to the issue or indicated if/when this will be addressed?
Yes and No. Yes they have posted that the service will be down for a LONG time, and NO they never warned that account hijacking would be possible due to no password authentication.
How was this security issue discovered?
ME, and my brilliance. 
Is there a rollback plan available in the case that a character/account gets hijacked?
As stated above: If you cannot login, and you have been using the same PC, then your account has been hi-jacked. We record the CD Key of the most recent login under that account. I have the database backed up and pull your CD Key from it and restore it to its proper owner, if this is the case. You will need to PM me on this forum.
--
Brian S. Bloom
Realms of Trinity Executive Producer
Neverwinter Nights Podcast Host
Area Developer & Scripter
|
|
7/12/2011 1:52:57 PM
|
Syrophir
Posts 64
|
Thumbs up for Brian again. 
--
"We are what we think. All that we are arises with our thoughts. With our thoughts, we make the world. - Buddha"
|
|
7/14/2011 2:41:02 PM
|
Nottingham
Posts 4
|
I am so screwed by this. My entire family plays. I own three keys and have three others from friends spread out over six computers in a network; if a friend cannot log on, he just calls and I have one of my kids log off or change computers. My computer is the best one, and my wife second, so my kids use mine or hers when we are gone, but theirs when we are home, and it is not always the same kid on the same parent computer. When my friends come over for a Lan Party, they log on thier characters on my best machines and use my keys. At present, my kids cannot play their characters while I am playing because because they logged in last on my computer with my key. I also have a friend with a laptop in Utah that cannot log in with his character because I logged him on to get him an item he could use that was in the dinations chest. I am just coming to terms with how screwed I am at present.
|
|
7/14/2011 3:25:36 PM
|
bbloom
Posts 1548
|
Nottingham wrote:
I am so screwed by this. My entire family plays. I own three keys and have three others from friends spread out over six computers in a network; if a friend cannot log on, he just calls and I have one of my kids log off or change computers. My computer is the best one, and my wife second, so my kids use mine or hers when we are gone, but theirs when we are home, and it is not always the same kid on the same parent computer. When my friends come over for a Lan Party, they log on thier characters on my best machines and use my keys. At present, my kids cannot play their characters while I am playing because because they logged in last on my computer with my key. I also have a friend with a laptop in Utah that cannot log in with his character because I logged him on to get him an item he could use that was in the dinations chest. I am just coming to terms with how screwed I am at present.
Actually, I have an idea to "unscrew" you but its going to be at least a couple of weeks before I can get it done, and it will require some manual intervention so that I can get your encrypted CD Key for all your copies.
--
Brian S. Bloom
Realms of Trinity Executive Producer
Neverwinter Nights Podcast Host
Area Developer & Scripter
|
|
pages:
1 |
|---|